-2

Okay, this machine can only ping up to its default gateway, which happens to be a SonicWall firewall. I have parsed the logs in the SonicWall and do not see any indication that it even cares what the server sends out. As a matter of fact, I see no records from the server in the log files at all.

DNS Manager and user management run extremely slowly; I actually have to reset accounts via the command line (oh no!!) instead of using Windows' built-in GUI.

What I have tried (no particular order)

  • Killed Windows Firewall/AVG
  • Ran netsh winsock reset
  • Ran netsh int ip reset reset.txt
  • Tried pinging 8.8.8.8 (times out)
  • Pinged the default gateway (responds)
  • Set static/dynamic IP (with the MAC reserved to the usual static IP in the SonicWall)
  • Reinstalled Network card
  • Unchecked IP v6
  • Removed/Reinstalled DNS Server
  • ipconfig /release /renew
  • reset the arp cache

What I am going to do - around noon (eastern time) I am going to reboot the sonicwall, and Internet Connection. (DONE)

Client PCs that specify the server as the primary DNS server work correctly, and the server's hostname is pingable.

No other PCs/servers/devices have any internet access issues at all.

I'll update after the reboot. Does anyone have any other ideas?

EDIT* Route Print route print

Jason
  • It's not clear to me what the actual problem is. Can you clarify your question? – joeqwerty Aug 15 '16 at 15:08
  • As easy as I can put it.. Say my gateway is 192.168.1.1, I can ping it and I get replies. However, if I try to ping Google's DNS servers (8.8.8.8 or 8.8.4.4) or any other IP address on the internet the machine times out. I originally thought that my firewall was blocking it, but it does not list the machine in any logs. – Jason Aug 15 '16 at 15:32
  • What does tracert 8.8.8.8 show you? – user5870571 Aug 15 '16 at 15:34
  • I let it run to hop 6, and I got nothing but asterisks – Jason Aug 15 '16 at 15:43
  • Your default route is to `192.168.250.1`. Is that the LAN address of your Sonicwall? – Skyhawk Aug 15 '16 at 15:59
  • yes, that is correct. it also uses a few others on different vlans, but for this vlan that is it. – Jason Aug 15 '16 at 16:03

4 Answers

0

Use command prompt to run the command "route print" and be sure you have been handed a route that will lead packets out of the intranet to the open internet. Something like:

0.0.0.0 0.0.0.0 (Gateway) (interface)

Also verify that the Netmask values appear correctly. Final thought would be your LMHOST. Open and verify its values have not been changed.

Sharing your "route print" findings may help any further responses as well if you are not certain of its config.

  • I posted the routing information. The host, and LMHOST files are unchanged and have nothing in them (other than the default comments) – Jason Aug 15 '16 at 15:38
  • So you aren't seeing any output on the Sonicwall log when you attempt to connect to the outside internet from this server? In my experience Sonicwall functions like DHCP and even DNS can be HIGHLY unreliable and often troublesome. Often needing reset/restarted to continue normal functions. This experience is with older iterations however I have stayed clear of them due to these experiences. Have you considered running packet capture with Wireshark to further your troubleshooting? It's possible that could give much needed information. – Captain Garry Aug 15 '16 at 15:54
  • I have considered Wireshark but haven't run it yet. I am also getting ready to go reboot the sonicwall (it is lunchtime in about 5 minutes for the people that need internet access) – Jason Aug 15 '16 at 15:59
  • Let us know what happens. If a reset fixes that issue I would immediately look for a firmware/software update noting that it fixes that issue OR kick it to the curb and get something else. – Captain Garry Aug 15 '16 at 16:00
  • Regretfully, the reboot of the sonic wall appears to not be the issue. – Jason Aug 15 '16 at 16:08
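The routing-table check described in the answer above, as an added example (not code from the original posts): a Python parser for the Active Routes section of `route print` that confirms a default route exists, flags duplicates, and verifies the gateway sits in an on-link subnet of the same interface. The sample table is constructed; its /24 netmask and metrics are assumptions.

```python
import ipaddress

# Constructed sample of `route print` output (not the asker's real table).
SAMPLE = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.250.1  192.168.250.195    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
    192.168.250.0    255.255.255.0         On-link   192.168.250.195    266
  192.168.250.195  255.255.255.255         On-link   192.168.250.195    266
===========================================================================
"""

def parse_active_routes(text):
    """Return (network, gateway, interface, metric) for each active IPv4 route."""
    routes, active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            active = True
        elif line.startswith("==="):
            active = False
        parts = line.split()
        # Data rows have exactly five columns ending in a numeric metric.
        if active and len(parts) == 5 and parts[4].isdigit():
            dest, mask, gw, iface, metric = parts
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, iface, int(metric)))
    return routes

def check_default_route(text):
    """Return a list of problems with the default route (empty list means OK)."""
    routes = parse_active_routes(text)
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if not defaults:
        return ["no default route (0.0.0.0 mask 0.0.0.0) present"]
    problems = []
    if len(defaults) > 1:
        problems.append(f"{len(defaults)} default routes; lowest metric wins")
    for _, gw, iface, _ in defaults:
        # The gateway must sit inside a subnet that is on-link for the same interface.
        local = [n for n, g, i, _ in routes
                 if g == "On-link" and i == iface and 0 < n.prefixlen < 32]
        if gw == "On-link" or not any(ipaddress.ip_address(gw) in n for n in local):
            problems.append(f"gateway {gw} is not on-link for interface {iface}")
    return problems

if __name__ == "__main__":
    print(check_default_route(SAMPLE) or "default route looks sane")
```

A clean result here only rules out the local routing table; it says nothing about how the gateway treats that source address.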
0

There wouldn't be a chance... albeit far fetched... that you have an outbound firewall policy that's just old that happens to match the IP address that server is getting and it's set to deny all traffic to the internet...?

In the SonicWall, go to Firewall > Settings > Select Matrix > Click the button that matches LAN on the left and WAN on the right. See what policies are there. If there's more than just ANY source to ANY destination set for Allow, then you may want to look through those to be sure.

Might not be just a firewall policy either. Could be a NAT policy messing with you.

  • I've killed the firewall on the server (Windows/AVG). The SonicWall only has a block rule for Facebook that was in place well before the net on the server died. NAT looks good as well. – Jason Aug 15 '16 at 20:08
  • Can you ping devices from other VLANs? Also, do you know if your switch is handling Layer 3 between the VLANs? or do you have a Trunk Port on the switch with all of the VLANs and 1 Port on the SonicWall with Sub Interfaces? – JustALittleITGuy Aug 15 '16 at 23:26
  • Yes, the server can reach out anywhere on the vlan, or other vlans. I believe the vlans are set up through the sonicwall. – Jason Aug 16 '16 at 13:25
  • The part that's bothering me the most is that clients that use this server as a primary DNS server are actually working fine to get to the internet. Therefore, forwarders are working properly. Can you tell me, in DNS on that server, what do you have the forwarders set up to? Because if the forwarders are set to bounce requests to another DNS server on the network locally, then that's why it's working. But if the forwarders are going to Google (8.8.8.8/8.8.4.4), Level 3 (4.2.2.1 thru 6) or even Comcast (75.75.75.75, 75.75.76.76), then ... next comment... – JustALittleITGuy Aug 16 '16 at 16:29
  • ... It's possible the DNS server has stored routes. So, here's what I think you should try: Regedit: `HKLM\System\CurrentControlSet\services\TCPIP\Parameters\Interfaces`. Delete every key within Interfaces. Then, go to Device Manager and delete your NIC. (KEEP THE DRIVERS, aka don't check the delete driver files box). Then right click on the server name at the top and scan for hardware changes. The interface will reinstall and a clean registry key will be created. Then try to ping 8.8.8.8..... *holding breath* – JustALittleITGuy Aug 16 '16 at 16:30
  • Okay, I went to the regedit location, deleted every key, reinstalled the NIC. Rebooted the server, came back down to my desk, Remote Desktop back in, and still no change. – Jason Aug 16 '16 at 18:02
  • So if you take the NIC on your own PC and set the primary DNS server to 192.168.250.195 with NO secondary server... then you run nslookup from command prompt on your PC, it chooses that .195 server. Then, you type in www.google.com within the nslookup prompt and hit enter, it actually resolves properly? – JustALittleITGuy Aug 16 '16 at 20:22
  • It appears if I put the DNS server as the primary, and leave a secondary blank, it will not ping Google. So it appears they are defaulting to the secondary DNS server. – Jason Aug 17 '16 at 12:55
0

I completely reinstalled the server OS and reverted to a backup of a known working internet connection, and it still did not work. So, I reverted it back to the most up-to-date version. I then noticed that if I assigned a different static IP to the server, it was able to gain internet access. Finally, I added a second IP address to the server using the Advanced option in Internet Protocol TCP/IP v4 of the Local Area Connection properties, and was able to have both domain access and internet access. It appears it has to be something with the original static IP I had assigned the server; I am not sure what caused the issue, but at the very least this is a workaround.

Jason
-1

I've seen this before when a system is converted from Physical to Virtual. Sometimes happens when there is a hidden NIC that is holding the same IP address for the default gateway as your active NIC.

Check your Device Manager for "hidden devices" and see if there's a NIC in there that you may have forgotten to remove all of the static settings from before removing it.

I believe you can also set the Default Gateway again on your current NIC (remove gateway and leave blank, then go back in and set it again) and you'll be asked a question that the same gateway exists on another NIC.

I'm making LOTS of assumptions here... So it's possible I'm not even close.

  • Okay, thanks for the input Paul. I went to Device Manager and disabled all hidden network adapters. Set IP to dynamic, forced static IP, and set back to dynamic. Still same issue. Ran an ipconfig /all and it only lists the Realtek adapter as the sole network card. Also, I would like to point out this machine only utilizes 1 onboard NIC, and has never had a different NIC installed on it. It is a physical machine that I plan on cloning to a VHD and migrating to a virtual machine in the near future (once we get the funding for the new machine). – Jason Aug 15 '16 at 15:24
  • I also had the problem Paul described and I was able to resolve it by running `netsh winsock reset`. – user5870571 Aug 15 '16 at 15:34
  • I have attempted a winsock reset several times – Jason Aug 15 '16 at 15:43